Wireless Networking Introduces New Challenges In Security
It seems like only yesterday, a computer network was only found in office buildings, schools, and the homes of advanced computer users. Setting up networks involved stringing cables from one computer to the next, configuring hubs and routers, and lots of spare time. Today the face of networking is much different. Wireless technologies have made it easy for any user to setup a home network. With wireless, the need to string wires through the house is eliminated, which allows anyone to network a device regardless of its location.
On the flip side, the growth of wireless networks among novice users has brought new security challenges. On a hard-wired network, there is little need to fret over security beyond your web connection because the only way an outsider can use your network is with a physical connection. This means that breaking into your wired network also involves breaking into your house, which (thankfully) is out of the realm of computer hackers. However, unsecured wireless networks can be used by anyone with a wireless laptop near your wireless router, even by someone parked in front of your home.
An unsecured network can allow someone to use your web connection to their delight, and if your computer is on, find their way into your personal files. In other words, an unsecured wireless network opens the doors for anyone to take advantage of you.
How Do I Know If I'm Secured?
The central part of any wireless networks is the access point, which is a device that transmits and receives information to wireless devices. Nearly all access points have security measures to help keep attackers out of your network. Even as little as a year ago, most wireless access points had the security features turned off by default. They relied on you to turn on and configure the security settings. While the experienced computer users often have security in mind, average computer users rarely find their way into the routers setup menu.
If you never remembered doing anything beyond plugging in your wireless device, you probably have an unsecured network. To verify the security settings on your wireless device, you'll need to access its configuration menu. Usually, you need to type in the routers IP address in your web browsers address bar. The default for most routers in 192.168.0.1, but every router is a little different. If typing this address does not work, you'll need to locate the user manual for the device. It will have instructions on how to access the setup menu.
Once you've found the setup menu, locate the section for security settings. Depending on the age and features of the product, you'll have different choices. Not everything discussed below will be available on your product. Remember, these days security is something to take very seriously. The more effort you put into securing your wireless network, the less likely someone will try to break into it. Every security measure has a benefit and a drawback.
Security Measures
WEP
WEP stands for wired equivalent privacy, and is the original basis for the 802.11 wireless networking standard. WEP is, for the most part, a great security measure. Without WEP enabled on your home network, you're just waiting to get hacked.
WEP works by encrypting wireless data messages, called packets, sent to and from your router. The encryption is done by what's known as a WEP key, which is a special number that you choose. WEP keys can be either 64bits or 128bits long, which is a measure of your security. Many older wireless products have only 64bit encryption, while the more modern ones will have a 128bit option. Choose the highest level of protection your device offers, and enter in your new WEP key.
Choosing a WEP key should be taken very seriously. Do not choose something easy, like 1, 2, 3, 4, 5, Choose a random combination of numbers and letters a-f to make your key. A 64bit key will be 10-digits long, while a 128bit key will be 26-digits long. Enabling WEP protection will be the greatest step to enhancing wireless security. Once you choose a key, you'll need to enter that same key on every wireless device that uses your network.
Keep in mind, WEP isn't perfect, and therefore should not solely be relied on for wireless security. WEP has a security flaw that can allow an attacker to crack the encryption key over a period of time by analyzing the packets sent back and forth from the router. A wireless network with four active users can generate enough network traffic that an experienced eavesdropper can crack your key in a relatively short amount of time.
Even with this flaw, most hackers won't bother waiting, considering there are so many unsecured networks. Any attacker who's just searching for an open web connection will likely move on to another network, rather than try to hack into yours. So, unless they are specifically after you, few will bother trying to hack in. Nonetheless, you should change your WEP key frequently. For larger networks and those that contain sensitive data, you should consider changing it daily.
Changing your WEP key can be time consuming because you have to change the key on every device that uses the network. But, if security is important to you, it's worth the hassle to have a secure network.
Disable SSID Transmission
SSID stands for service set identifier, and is important for wireless networks. The SSID is how you can differentiate one wireless network from the other. When you setup your wireless network, you need to use the same SSID on each computer you want to use your network. Unlike WEP, the SSID is not a form of encryption, but merely a way for a network access point to know whether or not the broadcasting device is talking to it, or another network.
Wireless access points broadcast the SSID repeatedly to the outside world. Without this broadcast, other computers do not know the network is there to connect to. The broadcast informs the device that the network is there, and asks for the encryption key if needed. The SSID broadcast is a convenience feature for places that use many wireless devices. In a large office building, you may have many access points as you move around. Or, when you settle in at Starbucks or Chicagos, it's the SSID that lets you connect to the wireless hotspot they have setup for their guests. The SSID broadcast makes it easier for the user to find and connect to a wireless network.
Many experts believe that disabling the SSID broadcast on your access point does not help your security, and to a point, they are correct. Anyone analyzing data packets on a network can see what the SSID is in plain English because the SSID is not encrypted with the rest of the message. However, an attacker has to know that the network is there before they begin looking for packets to analyze. Otherwise, it's like digging in the beach for treasure when you don't have a metal detector. The beach is huge, and without a metal detector you can only guess at random where the treasure is.
Novice hackers rely on the SSID broadcast to find wireless networks to hack into. By disabling the SSID broadcast on your wireless access point, laptops and other wireless devices that rely on it will not know it's there unless they already know the SSID. Advanced hackers have other devices that locate wireless networks through means that don't rely on the SSID broadcast, so you'll only be shielding yourself from those who look for it.
The only drawback to disabling the SSID is that you'll need to manually enter the SSID on any new wireless device you try to add to your network. Once the SSID is entered into your device, it will function just as if it was on.
WPA
WPA stands for WiFi protected access. Though WPA is not technically part of the 802.11 standard, it is based on it. WPA was intended as an interim solution for Windows XP users, which fixes many of the holes in WEP, while maintaining backward compatibility. Not all wireless access points have WPA available as an option. In many cases, a simple firmware update can give you this option. You may also need to download an update for Windows XP.
WPA changes how packets are encrypted, by using a new feature called TKIP (temporary key integrity protocol). TKIP fixes the hole in WEP that allows attackers to analyze the data packets and derive the key over time.
If you have the ability to use WPA instead of WEP, it is generally recommended that you do so. WPA currently gives the greatest level of security you can get on a wireless network. Not all devices are WPA compatible, so you'll need to be sure they are before you begin configuring a network for WPA access.
MAC Address Filtering
The MAC (Media Access Control) address (also known as the hardware or physical address) is a unique value associated with a specific network adapter. The MAC address is assigned at the hardware level and cannot be changed, so using MAC address filtering can be extremely effective in network security.
When MAC address filtering is not enabled, any network device can effectively join the network; so long that it passes any other security checks that have been set up. By obtaining the MAC address of every network device you wish to use, you can create a master list in your network router that only allows these particular addresses to join the network. When MAC address filtering is enabled, your router will be like a bouncer at a club, not allowing any network adapter join if it is not "on the list".
Since MAC address filtering is assigned at the hardware level, it cannot be changed. However, a determined and skilled hacker can use software to spoof the MAC address, thus making it look like an approved device. However, the threat of such a hacker trying to break into a home network is minimal.
Why Use Security If It Isn't Perfect
There is no such thing as a perfect security measure. They are secure when introduced, but sooner or later someone will find a way to break it. However, that does not mean you shouldn't use the security measures available to you. It is a fact that a wireless network secured with WEP is much harder to break into than one that isn't.
More often than not, enabling WEP or WPA is all a home user needs to do to effectively secure a network from hackers. Yes, it's still possible to get hacked, but these technologies make it inconvenient enough for an attacker to ignore you, and go down the block to one of your neighbors who didn't turn on any security measures. Just like any predator, they'll always go after the easiest prey.
If you want to be as secure as possible, employ any security measure you can think of. The four mentioned here are the big ones, but there are countless other methods to make your security even tighter. Just make sure that at least WEP or WPA is enabled first.
